CVE-2012-5691

RealNetworks RealPlayer <16.0.0.282-1.1.5 - RCE

Title source: llm

Description

Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/23694

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/real_player_url_property_bof.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory] http://service.real.com/realplayer/security/12142012_player/en/

Scores

EPSS 0.7692

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (44)

realnetworks/realplayer 4

realnetworks/realplayer 5

realnetworks/realplayer 6

realnetworks/realplayer 7

realnetworks/realplayer 8

realnetworks/realplayer 10.0

realnetworks/realplayer 10.5

realnetworks/realplayer 11.0

realnetworks/realplayer 11.0.1

realnetworks/realplayer 11.0.2

... and 34 more

Published Dec 19, 2012

Tracked Since Feb 18, 2026